Bug #19051

open

Incorrect pointers in global_cc_cache_table when compacting

Added by eightbitraptor (Matthew Valentine-House) 4 months ago. Updated 4 months ago.

Status: Open
Priority: Normal
Assignee: -
Target version: -
[ruby-core:110273]

Description

Github PR 6531

During auto-compaction, T_IMEMO objects get moved around the heap. The vm->global_cc_cache_table is an array of pointers to callcache objects, which are stored as T_IMEMO objects of type callcache on the GC heap. These pointers are never updated during the update-references step of compaction. If a T_IMEMO object gets moved and another object is allocated in the same slot, the contents of the global_cc_cache_table will be incorrect, resulting in a crash when attempting to access it.

An example of this is during the mark phase, when we attempt to check the validity of the callcache entry before marking it, but the object at that address is not actually a callcache.

-- C level backtrace information -------------------------------------------
/usr/local/ruby/bin/ruby(rb_print_backtrace+0x11) [0x5610067b325e] vm_dump.c:759
/usr/local/ruby/bin/ruby(rb_vm_bugreport) vm_dump.c:1045
/usr/local/ruby/bin/ruby(rb_bug_for_fatal_signal+0xec) [0x5610068603bc] error.c:821
/usr/local/ruby/bin/ruby(sigsegv+0x4d) [0x561006706d9d] signal.c:964
/lib/x86_64-linux-gnu/libpthread.so.0(__restore_rt+0x0) [0x7f87ce6ea420]
/usr/local/ruby/bin/ruby(vm_cc_invalidated_p+0x4) [0x5610067acb84] vm_callinfo.h:369
/usr/local/ruby/bin/ruby(rb_vm_mark) vm.c:2652
/usr/local/ruby/bin/ruby(gc_mark_roots+0x55) [0x5610065f4305] gc.c:7180
/usr/local/ruby/bin/ruby(gc_marks_start+0x13) [0x5610065f6450] gc.c:7852
/usr/local/ruby/bin/ruby(gc_marks) gc.c:8149
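A constructed toy model of a compacting heap, added here as illustration (it is not Ruby's gc.c and the slot, forwarding-pointer and table names are hypothetical), showing why a root table of raw pointers like global_cc_cache_table has to be rewritten in the update-references step: without that step the stale entry points at a slot that a different object now occupies, which is exactly what the mark-phase validity check in the backtrace above trips over.

```c
#include <stddef.h>
/* Constructed toy model of a compacting heap; not Ruby's gc.c. */
enum { T_NONE = 0, T_CALLCACHE = 1, T_OTHER = 2 };
typedef struct slot {
    int type;
    struct slot *forward;  /* forwarding address left behind when an object is moved */
} slot_t;

#define HEAP_SLOTS 4
#define CACHE_SIZE 2
typedef struct {
    slot_t heap[HEAP_SLOTS];
    slot_t *cc_cache[CACHE_SIZE];  /* stand-in for global_cc_cache_table: raw heap pointers */
} vm_t;

/* Compaction step: copy the object to a free slot and leave a forwarding pointer behind. */
static void move_object(slot_t *src, slot_t *dst) {
    dst->type = src->type;
    dst->forward = NULL;
    src->type = T_NONE;
    src->forward = dst;
}

/* Resolve a possibly-moved pointer to the object's current location. */
static slot_t *gc_location(slot_t *p) { return p->forward ? p->forward : p; }

/* The missing step from the report: rewrite every raw pointer in the table to the new location. */
static void update_cc_cache_references(vm_t *vm) {
    for (int i = 0; i < CACHE_SIZE; i++)
        if (vm->cc_cache[i]) vm->cc_cache[i] = gc_location(vm->cc_cache[i]);
}

/* Mark-phase validity check: every live entry must still be a callcache. */
static int cc_cache_valid(const vm_t *vm) {
    for (int i = 0; i < CACHE_SIZE; i++)
        if (vm->cc_cache[i] && vm->cc_cache[i]->type != T_CALLCACHE) return 0;
    return 1;
}

/* Allocate a callcache in slot 0, cache it, compact it into slot 3, then reuse slot 0. */
static int run_scenario(int update_references) {
    vm_t vm = {0};
    vm.heap[0].type = T_CALLCACHE;
    vm.cc_cache[0] = &vm.heap[0];
    move_object(&vm.heap[0], &vm.heap[3]);
    if (update_references) update_cc_cache_references(&vm);
    vm.heap[0].forward = NULL;   /* forwarding info does not survive the sweep */
    vm.heap[0].type = T_OTHER;   /* a different object now occupies the old slot */
    return cc_cache_valid(&vm);  /* 1 = entries valid, 0 = stale pointer detected */
}
```

`run_scenario(0)` models the reported behaviour and returns 0 (a non-callcache is found behind a cached pointer); `run_scenario(1)` models the fix and returns 1.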
#1

Updated by eightbitraptor (Matthew Valentine-House) 4 months ago

  • Description updated (diff)